Privacy Policy

Privacy Policy

Last updated: 2 May 2026

Who We Are

This service is operated by A.B. Sidhu & A.A. Swan, trading as WhiteHorse AI, ABN 92 922 819 079, Suite 1B, Level 8/10 Bridge St, Sydney NSW 2000. You can contact us about privacy, support, billing, or data requests at swan@whitehorseai.ai.

Information We Collect

GHL Telegram Agent collects the information needed to provide the service: your email, business details, Telegram chat ID, HighLevel location ID, encrypted HighLevel Private Integration Token, usage logs, billing records, attribution data, access-mode choice, support messages, and operational audit records.

When you use the bot, we may process Telegram messages, commands, images, documents, voice notes, file metadata, generated CSVs, HighLevel API responses, tool call results, and model usage information. We may also collect technical data such as IP address, user agent, request timestamps, errors, webhook delivery status, cookies, browser identifiers, and landing-page URL parameters.

Advertising and Attribution

We use Meta Pixel and Meta Conversions API to measure ad performance. This may include page visits, signup steps, checkout events, purchase events, URL parameters, browser identifiers such as Meta cookies, IP address, user agent, and hashed email where available.

How We Use Information

We use information to provide the Telegram agent, connect your HighLevel account, interpret requests, perform permitted HighLevel actions, generate exports, process files and media, send service messages, manage billing, calculate credits and overage, prevent abuse, debug errors, secure the service, comply with legal obligations, and improve reliability and product quality.

HighLevel Tokens and Customer Data

We do not sell your HighLevel data. HighLevel tokens are encrypted before storage and are used only to perform actions you request under your selected access mode. Telegram media may be stored temporarily in S3 so the agent can read images, voice notes, documents, and generated exports.

You control the scopes granted to your HighLevel Private Integration Token. You should limit scopes to what you want the agent to access, and you can rotate or revoke the token in HighLevel. If you revoke a token, the agent may stop working until a replacement token is provided.

AI Processing

Your prompts, business context, media references, and relevant HighLevel data may be sent to AI model providers through our cloud infrastructure so the agent can understand and respond to requests. We aim to send the minimum context reasonably needed for the task, but some requests may require customer data or file content to be processed by model providers.

Service Providers

We use third-party providers including HighLevel, Telegram, Stripe, AWS, Meta, Vercel, and AI model providers. These providers process information for hosting, storage, payments, analytics, advertising attribution, messaging, AI inference, security, and operational support.

Retention

We keep information for as long as needed to provide the service, resolve disputes, maintain security, comply with accounting and legal obligations, support billing records, and investigate abuse or platform issues. Generated files and Telegram media may be deleted or rotated sooner where they are no longer needed.

Security

We use technical and operational controls intended to protect customer data, including access controls, transport encryption, token vaulting, redaction of sensitive logs where appropriate, cloud storage controls, and restricted production access. No internet-connected system can be guaranteed completely secure.

International Processing

Data may be processed in Australia, the United States, and other locations where our service providers operate. By using the service, you acknowledge that information may be transferred outside your country for the purposes described in this policy.

Your Requests

You can request access, correction, export, or deletion of account information by contacting swan@whitehorseai.ai. We may need to verify your identity and authority over the relevant account before acting on a request.

Some billing, tax, security, fraud-prevention, backup, and audit records may be retained where required or where deletion would compromise legitimate business, legal, or security interests.

Changes

We may update this privacy policy as the service changes. The latest version will be posted on this page. If a change is material, we may provide additional notice through the website, Telegram, email, or another practical channel.